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Version: 23.0 


Case Study: 1 
Contoso Ltd Case A 
Overview 
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is 
migrating to Windows Server 2012. 
The company has two main offices and two branch offices. The main offices are located in 
Paris and Amsterdam. One of the branch offices is a sales office located in Berlin. The other 
branch office is a research office located in Brussels. 
The offices connect to each other by using a WAN link. 
Current Environment 
Active Directory 
The network contains an Active Directory forest named contoso.com. An Active Directory 
site exists for each office. 
The forest contains a child domain named research.contoso.com. 
The functional level of both the domains is Windows Server 2008. 
In each site, there are two domain controllers for the contoso.com domain and two domain 
controllers for the research.contoso.com domain. The domain controllers run Windows 
Server 2008 R2. 
All of the domain controllers are global catalog servers. 
The FSMO roles were not moved since the domains were deployed. 
Network Infrastructure 
All servers run Windows Server 2008 R2. 
Each user has a laptop computer that runs Windows 7. 
The company has 10 print servers. Each print server contains several shared printers. 
The company has 10 file servers that have the following disk configurations: 
eA simple volume named C that is the System and Boot volume and is 
formatted NTFS 
eA mounted virtual hard disk (VHD) named DATA that is formatted NTFS 
eA simple volume named D that is formatted FAT32 
eA simple volume named E that is formatted NTFS 
eA Clustered Shared Volume (CSV) 
The Paris office contains a server named PAI. The Amsterdam office contains a server 
named AM1. 
Both servers have the following server roles installed: 
eDNS Server 
eDHCP Server 
eRemote Access 
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The DNS servers are configured to use the DNS servers of the company's Internet Service 
Provider (ISP) as forwarders. 
Users often work remotely. The users access the internal network by using an SSTP-based 
VPN connection. 
Requirements 
Planned Changes 
The company plans to implement the following changes: 
eCreate a child domain named sales.contoso.com. Only the domain controllers 
in sales.contoso.com will host a zone for the sales.contoso.com domain. The 
domain controllers in sales.contoso.com will run Windows Server 2012. The 
client computers in sales.contoso.com will use the sales.contoso.com domain 
controllers as their DNS servers. 
eImplement two servers in the Amsterdam office and two servers in the Paris 
office to replace PA1 and AMI. These new servers will run Windows Server 
2012 and will not have shared storage. 
eDecommission the research.contoso.com domain. All of the users and the 
Group Policy objects (GPOs) in research.contoso.com will be migrated to 
contoso.com. 
eMigrate the existing print queues to virtualized instances of Windows Server 
2012. 
eMigrate the file servers to new servers that run Windows Server 2012. 
eImplement RADIUS authentication for VPN connections. 
eDeploy Windows Server 2012 to all new servers. 
Technical Requirements 
The company identifies following technical requirements: 
eAll changes to Group Policies must be logged. 
eNetwork Access Protection (NAP) policies must be managed 
centrally. 
eCore networking services in each office must be redundant if a server 
fails. 
eThe possibility of IP address conflicts during the DHCP migration 
must be minimized. 
eA central log of the IP address leases and the users associated to those 
leases must be created. 
eAll of the client computers must be able to resolve internal names and 
internet names. 
eAdministrators in the Paris office need to deploy a series of desktop 
restrictions to the entire company by using Group Policy. 
eThe new sales.contoso.com domain will contain a web application 
that will access data from a Microsoft SQL Server located in the 
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contoso.com domain. The web application must use integrated 
Windows authentication. Users' credentials must be passed from the 
web applications to the SQL Server. 


Question: 1 


You implement and authorize the new DHCP servers. You import the server configurations 
and the scope configurations from PAI and AM1. 

You need to ensure that clients can obtain DHCP address assignments after you shut down 
PA1 and AM1. The solution must meet the technical requirements. 

What should you do? 


A.Run the Get-DhcpServerv4Lease cmdlet and the Remove-DhcpServerv4Lease cmdlet. Run 
the Windows Server Migration Tools. 

B.Run the Get-DhcpServerv4Lease cmdlet and the Add-DhcpServerv4Lease cmdlet. Activate 
the scopes. 

C.Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke- 
DhcpServerv4FailoverReplication cmdlet. Run the Windows Server Migration Tools. 

D.Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Invoke- 
DhcpServerv4FailoverReplication cmdlet Activate the scopes. 


Answer: B 


The Get-DhcpServerv4Lease cmdlet gets one or more lease records from the Dynamic Host 
Configuration Protocol (DHCP) server service. 

The Add-DhcpServerv4Lease cmdlet adds a new IPv4 address lease on the Dynamic Host 
Configuration Protocol (DHCP) server service. This cmdlet is only supported for DHCP 
server service running on Windows Server® 2012. 


Question: 2 


You need to recommend a management solution for the GPOs. The solution must meet the 
technical requirements. What should you include in the recommendation? 


A.Microsoft Baseline Security Analyzer (MBSA) 

B.Microsoft Desktop Optimization Pack (MDOP) 

C.Microsoft System Center 2012 Operations Manager 
D.Microsoft System Center 2012 Data Protection Manager (DPM) 


Answer: B 
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Explanation: 

* Scenario: 

/ All changes to Group Policies must be logged. 

/ Administrators in the Paris office need to deploy a series of desktop restrictions to the entire 
company by using Group Policy. 

* Microsoft Desktop Optimization Pack 

Windows Vista Enterprise helps global organizations and enterprises with complex IT 
infrastructures lower IT costs, reduce risk, and stay connected. The Microsoft Desktop 
Optimization Pack for Software Assurance further extends this value by reducing application 
deployment costs, enabling delivery of applications as services, and allowing for better 
management and control of enterprise desktop environments. Together these technologies 
deliver a highly cost-effective and flexible Windows desktop management solution. 

What is the Microsoft Desktop Optimization Pack? 

The Microsoft Desktop Optimization Pack (MDOP) for Software Assurance is an add-on 
subscription license available to Software Assurance customers. It uses innovative 
technologies to help reduce the total cost of ownership (TCO) of the Windows desktop by 
accelerating operating system and application management and enhancing IT responsiveness 
and end-user uptime. It will enable you to better control the desktop, accelerate and simplify 
desktop deployments and management, and create a dynamic infrastructure by turning 
software into centrally managed services. 

MDOP facilitates accelerated deployment and manageability of Windows through these 
innovative technologies— available only to Windows Software Assurance customers. 
Reference: Microsoft Desktop Optimization Pack 

URL: http://technet.microsoft.com/en-us/library/cc507880.aspx 


Question: 3 


You are planning the decommissioning of research.contoso.com. 

You need to ensure that an administrator named AdminS5 in the research department can 
manage the user accounts that are migrated to contoso.com. The solution must minimize the 
number of permissions assigned to Admin5. 

What should you do before you migrate the user accounts? 


A.Run the New-Object cmdlet, and then run the Add-ADPrincipalGroupMembershipcemdlet. 
B.Create a new organizational unit (OU), and then add Admin5 to the Account Operators 
group. 

C.Create a new organizational unit (OU), and then run the Delegation of Control Wizard. 
D.Run the New-Object cmdlet, and then run the Add- 
ADCentralAccessPolicyMembercmdlet. 
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Answer: C 


Explanation: 

* Scenario: Decommission the research.contoso.com domain. All of the users and the Group 
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com. 

Reference: Delegation of Control Wizard 
http://technet.microsoft.com/en-us/library/dd145344.aspx 


Question: 4 


You need to recommend changes to the DNS environment that support the implementation of 
the sales.contoso.com domain. The solution must ensure that the users in all of the domains 
can resolve both Internet names and the names of the servers in all of the internal domains. 
What should you recommend? 


A.On the DNS servers in contoso.com, configure a reverse lookup zone. On the DNS servers 
in sales.contoso.com, configure a conditional forwarder to contoso.com. 

B.On the DNS servers in contoso.com, add a conditional forwarder to the sales.contoso.com 
zone. On the DNS servers in sales.contoso.com, add a forwarder to the DNS servers of the 
company's ISP. 

C.On the DNS servers in contoso.com, create a zone delegation in the contoso.com zone. On 
the DNS servers in sales.contoso.com, add a forwarder to the contoso.com DNS servers. 
D.On the DNS servers in contoso.com, configure a conditional forwarder to 
sales.contoso.com. On the DNS servers in sales.contoso.com, configure a reverse zone. 


Answer: C 


Scenario: The client computers in sales.contoso.com will use the sales.contoso.com domain 
controllers as their DNS servers. 


Question: 5 


You are evaluating the implementation of data deduplication on the planned Windows Server 
2012 file servers. 

The planned servers will have the identical disk configurations as the current servers. 

You need to identify which volumes can be enabled for data deduplication. 

Which volumes should you identify? (Each correct answer presents part of the solution. 
Choose all that apply.) 
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A.C 

B.D 

C.E 

D. The CSV 
E.DATA 


Answer: C, E 


Explanation: 

* Scenario: 

A mounted virtual hard disk (VHD) named DATA that is formatted NTFS 

A simple volume named E that is formatted NTFS 

* Note: Data Deduplication feature doesn't do everything in this version. It is only available 
in certain Windows Server 2012 editions and has some limitations. Deduplication was built 
for NTFS data volumes and it does not support boot or system drives and cannot be used 
with 

Cluster Shared Volumes (CSV). We don't support deduplicating live VMs or running SQL 
databases. See how to determine which volumes are candidates for deduplication on Technet. 
Incorrect: 

Not A: Volume C is a boot volume. Data deduplication does not work on boot volumes. 

Not B: Volume B is FAT32 volume. Data deduplication requires NTFS. 

Not D: Deduplication cannot be used with CSV. 


Question: 6 


You are planning the implementation of two new servers that will be configured as RADIUS 
servers. 

You need to recommend which configuration must be performed on the VPN servers. The 
solution must meet the technical requirements. 

What should you do on each VPN server? 


A.Add a RADIUS client. 

B.Install the Health Registration Authority role service. 
C.Enable DirectAccess. 

D.Modify the authentication provider. 


Answer: D 


Explanation: 
* Implement RADIUS authentication for VPN connections. 
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* The new sales.contoso.com domain will contain a web application that will access data 
from a Microsoft SQL Server located in the contoso.com domain. The web application must 
use integrated Windows authentication. Users' credentials must be passed from the web 
applications to the SQL Server. 


Question: 7 


You need to recommend which changes must be implemented to the network before you can 
deploy the new web application. 
What should you include in the recommendation? 


A.Change the forest functional level to Windows Server 2008 R2. 

B.Upgrade the DNS servers to Windows Server 2012. 

C.Change the functional level of both the domains to Windows Server 2008 R2. 
D.Upgrade the domain controllers to Windows Server 2012. 


Answer: D 


Explanation: 

The web application is in the sales.contoso.com domain, which will have Windows Server 
2012 Domain controllers. We should therefore upgrade the other domain controller to 
Windows Server 2012. 

Scenario: 

* The new sales.contoso.com domain will contain a web application that will access data 
from a Microsoft SQL Server located in the contoso.com domain. The web application must 
use integrated Windows authentication. Users' credentials must be passed from the web 
applications to the SQL Server. 

* Planned changes include: create a child domain named sales.contoso.com. Only the domain 
controllers in sales.contoso.com will host a zone for the sales.contoso.com domain. The 
domain controllers in sales.contoso.com will run Windows Server 2012. 


Question: 8 


You need to recommend a fault-tolerant solution for the VPN. The solution must meet the 
technical requirements. 
What should you include in the recommendation? 


A.Network adapter teaming 


B.Network Load Balancing (NLB) 
C.Failover Clustering 
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D.DirectAccess 


Answer: B 


Explanation: 

* Scenario: Core networking services in each office must be redundant if a server fails. 

* The Network Load Balancing (NLB) feature distributes traffic across several servers by 
using the TCP/IP networking protocol. By combining two or more computers that are 
running applications into a single virtual cluster, NLB provides reliability and performance 
for web servers and other mission-critical servers. 

Reference: Network Load Balancing Overview 
http://technet.microsoft.com/en-us/library/hh831698.aspx 


Question: 9 


You are planning the migration of research.contoso.com. 
You need to identify which tools must be used to perform the migration. 
Which tools should you identify? 


A. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Group Policy 
Management 

Console (GPMC) 

B. Active Directory Federation Services (AD FS) and Microsoft Federation Gateway 

C. Active Directory Migration Tool version 3.2 (ADMT v3.2) and Active Directory 
Federation 

Services (AD FS) 

D. Active Directory Lightweight Directory Services (AD LDS) and Group Policy 
Management 

Console (GPMC) 


Answer: A 


Explanation: 

* Scenario: 

All of the users and the Group Policy objects (GPOs) in research.contoso.com will be 
migrated to contoso.com. 

two domain controllers for the research.contoso.com domain. The domain controllers run 
Windows Server 2008 R2. 


Question: 10 
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You need to recommend a solution for DHCP logging. The solution must meet the technical 
requirement. 
What should you include in the recommendation? 


A. Event subscriptions 

B. IP Address Management (IPAM) 
C. DHCP audit logging 

D. DHCP filtering 


Answer: B 


* Scenario: A central log of the IP address leases and the users associated to those leases 
must be created. 

* Feature description 

IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, 
auditing, and managing the IP address space used on a corporate network. IPAM provides for 
administration and monitoring of servers running Dynamic Host Configuration Protocol 
(DHCP) and Domain Name Service (DNS). IPAM includes components for: 

e Automatic IP address infrastructure discover)': IPAM discovers domain controllers, DHCP 
servers, and DNS servers in the domains you choose. You can enable or disable management 
of these servers by IPAM. 

e Custom IP address space display, reporting, and management: The display of IP addresses 
is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 
address space is organized into IP address blocks, IP address ranges, and individual IP 
addresses. IP addresses are assigned built-in or user-defined fields that can be used to further 
organize IP address space into hierarchical, logical groups. 

e Audit of server configuration changes and tracking of IP address usage: Operational events 
are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address 
tracking using DHCP lease events and user logon events collected from Network Policy 
Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, 
client ID, host name, or user name. 

e Monitoring and management of DHCP and DNS services: IPAM enables automated service 
availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone 
health is displayed, and detailed DHCP server and scope management is available using the 
IPAM console. 

Reference: IP Address Management (IPAM) Overview 


Question: 11 
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After the planned upgrade to Windows Server 2012, you restore a user account from the 
Active Directory Recycle Bin. 

You need to replicate the restored user account as quickly as possible. 

Which cmdlets should you run? 


A. Get-ADReplicationSite and Set-ADReplicationConnection 

B. Get-ADReplicationAttributeMetadata and Compare-Object 

C. Get-ADReplicationUpToDatenessVectorTable and Set-ADReplicationSite 
D. Get ADDomainController and Sync-ADObject 


Answer: D 


Explanation: 

* Scenario: 

All of the domain controllers are global catalog servers. 

The FSMO roles were not moved since the domains were deployed. 

* Example: The following command replicates the user “James” to all the domain 
controllers: 

Get-ADDomainController -filter * | ForEach {Sync-ADObject -object “CN=James, 
OU=BusinessUsers, DC=Test, DC=Local” -source NKAD1 -destination $_-hostname} 

Note: 

* The Get-ADDomainController cmdlet gets the domain controllers specified by the 
parameters. 

You can get domain controllers by setting the Identity, Filter or Discover parameters. 

* The Sync-ADObject cmdlet replicates a single object between any two domain controllers 
that have partitions in common. The two domain controllers do not need to be direct 
replication partners. It can also be used to populate passwords in a read-only domain 
controller (RODC) cache. 

Reference: Get-ADDomainController, Sync-ADObject 


Question: 12 


You implement a new virtualized print server that runs Windows Server 2012. 
You need to migrate the print queues. 
Which tool should you use? 


A. Windows Server Migration Tools 

B. Active Directory Migration Tool (ADMT) 
C. Print Management 

D. Computer Management 
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Answer: C 


Explanation: 
* Scenario: Migrate the existing print queues to virtualized instances of Windows Server 
2012. 
* To manage the migration process, use one of the following: 
eThe Printer Migration Wizard, which you access through Print Management, 
a snap-in in 
eMicrosoft Management Console (MMC). 
eThe Printbrm.exe command-line tool. 
You can perform the migration locally or remotely, and from either a client computer or 
server. 
Important 
As a best practice, run the Printer Migration Wizard or Printbrm.exe from a computer 
running Windows Server 2012 
* Reference: Migrate Print and Document Services to Windows Server 2012 


Question: 13 


What method should you use to deploy servers? 


A. WDS 
B. AIK 

C. ADK 
D. EDT 


Answer: A 


WDS is a server role that enables you to remotely deploy Windows operating systems. You 
can use it to set up new computers by using a network-based installation. This means that you 
do not have to install each operating system directly from a CD, USB drive, or DVD. 
Reference: What's New in Windows Deployment Services in Windows Server 
https://technet.microsoft.com/en-us/library/dn281955.aspx 
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